The Health Insurance Portability and Accountability Act (HIPPA) of 1996 requires covered entities to take certain precautionary measures to protect their patients' data. When you're busy updating installing viruses scanners, setting up firewalls, encrypting your data, and performing other security-related tasks, you might overlook the most basic form of security of all: passwords.
Whether you're checking the company email or logging into access a patient's information, you'll need a password to gain access. Failure to password protect systems containing Protected Health Information (PHI) could place you at risk for a HIPAA violation. But it takes more than just a generic password to fully protect against cyber intrusion. You must take the time to choose a unique, non-sequential password to reduce the risk of a brute force attack.
Are you using your birthday or your mother's maiden name as a password? While it's easier to remember passwords such as this, it also increases the risk of cyber intrusion. Hackers often attempt “obvious” passwords before random ones, making these a poor choice for covered entities. Any password used by your company should be unique and without any personal identifiable words or information.
Here are some tips on how to choose an iron-clad password:
- Use a combination of upper-case letters, lower-case letters, non-sequential numbers, and special characters.
- Never use the same password on multiple systems. Each system should be given a unique password.
- Never store your passwords in plain text. If you must store them, do so in an encrypted file.
- Remember, the longer the password, the better.
- Don't use public WiFi and/or public computers to access company systems, as this may compromise your passwords.
- Run regular system checks to ensure there are key loggers installed on your company's computers.
- Avoid using programs or software that automatically generates passwords for you.
Ever wonder what the most commonly used passwords are? It wasn't long ago when “myspace123” or “facebook” topped the list, but these have since been weeded out in favor of equally as horrendous passwords. The cybersecurity and password management firm SplashData recently published a list of the top passwords for 2014, which includes the following: